diff options
author | Arturo Borrero Gonzalez <arturo@netfilter.org> | 2020-12-04 11:50:25 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-08 12:50:35 +0100 |
commit | 592bb1686053cdb5cacdb1d6266d64ce976d7bf7 (patch) | |
tree | 3fc4e9ba0e09480275f6241dff050677ef5d7508 /src/build.c | |
parent | 0d24357897eddef5ab86031b0062b8a4f2b84ba4 (diff) |
conntrackd: external_inject: report inject issues as warning
In busy firewalls that run conntrackd in NOTRACK with both internal and
external caches disabled, external_inject can get lots of traffic. In
case of issues injecting or updating conntrack entries a log entry will
be generated, the infamous inject-addX, inject-updX messages.
But there is nothing end users can do about this error message, which is
purely internal. This patch is basically cosmetic, relaxing the message
from ERROR to WARNING. The information reported is also extended a bit.
The idea is to leave ERROR messages to issues that would *stop* or
*prevent* conntrackd from working at all.
Another nice thing to do in the future is to rate-limit this message,
which is generated in the data path and can easily fill log files. But
ideally, the actual root cause would be fixed, and there would be no
WARNING message reported at all, meaning that all conntrack entries are
smoothly synced between the firewalls in the cluster. We can work on
that later.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/build.c')
0 files changed, 0 insertions, 0 deletions